<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>knife client &mdash; chef-client Man Pages</title>
    
    <link rel="stylesheet" href="_static/guide.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    './',
        VERSION:     '',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>


  </head>
  <body>
<div style="background-color: #212c35; text-align: left; padding: 0px 0px 0px 0px">
<a href="http://docs.getchef.com/"><img src="_static/chef_html_logo.png" border="0" alt="Chef"/></a>
</div>


  

    <div class="document">
      <div class="documentwrapper">

          <div class="body">
            
  <div class="section" id="knife-client">
<h1>knife client<a class="headerlink" href="#knife-client" title="Permalink to this headline">¶</a></h1>
<p>The <strong>knife client</strong> subcommand is used to manage an API client list and their associated RSA public key-pairs. This allows authentication requests to be made to the Chef server by any entity that uses the Chef server API, such as the chef-client and knife.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Review the list of <a class="reference internal" href="knife_common_options.html"><em>common options</em></a> available to this (and all) knife subcommands and plugins.</p>
</div>
<div class="section" id="bulk-delete">
<h2>bulk delete<a class="headerlink" href="#bulk-delete" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">bulk</span> <span class="pre">delete</span></tt> argument is used to delete any API client that matches a pattern defined by a regular expression. The regular expression must be within quotes and not be surrounded by forward slashes (<tt class="docutils literal"><span class="pre">/</span></tt>).</p>
<div class="section" id="syntax">
<h3>Syntax<a class="headerlink" href="#syntax" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client bulk delete REGEX
</pre></div>
</div>
</div>
<div class="section" id="options">
<h3>Options<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h3>
<p>This command does not have any specific options.</p>
</div>
<div class="section" id="examples">
<h3>Examples<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h3>
<p>None.</p>
</div>
</div>
<div class="section" id="create">
<h2>create<a class="headerlink" href="#create" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">create</span></tt> argument is used to create a new API client. This process will generate an RSA key pair for the named API client. The public key will be stored on the Chef server and the private key will be displayed on <tt class="docutils literal"><span class="pre">STDOUT</span></tt> or written to a named file.</p>
<ul class="simple">
<li>For the chef-client, the private key should be copied to the system as <tt class="docutils literal"><span class="pre">/etc/chef/client.pem</span></tt>.</li>
<li>For knife, the private key is typically copied to <tt class="docutils literal"><span class="pre">~/.chef/client_name.pem</span></tt> and referenced in the knife.rb configuration file.</li>
</ul>
<div class="section" id="id1">
<h3>Syntax<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client create CLIENT_NAME <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id2">
<h3>Options<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">-a</span></tt>, <tt class="docutils literal"><span class="pre">--admin</span></tt></dt>
<dd>Use to create a client as an admin client. This is required for any user to access Open Source Chef as an administrator. This option only works when used with the open source Chef server and will have no effect when used with Enterprise Chef.</dd>
<dt><tt class="docutils literal"><span class="pre">-f</span> <span class="pre">FILE</span></tt>, <tt class="docutils literal"><span class="pre">--file</span> <span class="pre">FILE</span></tt></dt>
<dd>Use to save a private key to the specified file name.</dd>
<dt><tt class="docutils literal"><span class="pre">--validator</span></tt></dt>
<dd>Use to create the client as the chef-validator. Default value: <tt class="docutils literal"><span class="pre">true</span></tt>.</dd>
</dl>
</div>
<div class="section" id="id3">
<h3>Examples<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Create an admin client</strong></p>
<p>To create a chef-client that can access the Chef server API as an administrator&#8212;sometimes referred to as an &#8220;API chef-client&#8221;&#8212;with the name &#8220;exampleorg&#8221; and save its private key to a file, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client create exampleorg -a -f <span class="s2">&quot;/etc/chef/client.pem&quot;</span>
</pre></div>
</div>
<p><strong>Create an admin client for Enterprise Chef</strong></p>
<p>When running the <tt class="docutils literal"><span class="pre">create</span></tt> argument on Enterprise Chef, be sure to omit the <tt class="docutils literal"><span class="pre">-a</span></tt> option:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client create exampleorg -f <span class="s2">&quot;/etc/chef/client.pem&quot;</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="delete">
<h2>delete<a class="headerlink" href="#delete" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">delete</span></tt> argument is used to delete a registered API client.</p>
<div class="section" id="id4">
<h3>Syntax<a class="headerlink" href="#id4" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client delete CLIENT_NAME
</pre></div>
</div>
</div>
<div class="section" id="id5">
<h3>Options<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h3>
<p>This command does not have any specific options.</p>
</div>
<div class="section" id="id6">
<h3>Examples<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Delete a client</strong></p>
<p>To delete a client with the name &#8220;client_foo&#8221;, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client delete client_foo
</pre></div>
</div>
<p>Type <tt class="docutils literal"><span class="pre">Y</span></tt> to confirm a deletion.</p>
</div>
</div>
<div class="section" id="edit">
<h2>edit<a class="headerlink" href="#edit" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">edit</span></tt> argument is used to edit the details of a registered API client. When this argument is run, knife will open $EDITOR to enable editing of the <tt class="docutils literal"><span class="pre">admin</span></tt> attribute. (None of the other attributes should be changed using this argument.) When finished, knife will update the Chef server with those changes.</p>
<div class="section" id="id7">
<h3>Syntax<a class="headerlink" href="#id7" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client edit CLIENT_NAME
</pre></div>
</div>
</div>
<div class="section" id="id8">
<h3>Options<a class="headerlink" href="#id8" title="Permalink to this headline">¶</a></h3>
<p>This command does not have any specific options.</p>
</div>
<div class="section" id="id9">
<h3>Examples<a class="headerlink" href="#id9" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Edit a client</strong></p>
<p>To edit a client with the name &#8220;exampleorg&#8221;, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client edit exampleorg
</pre></div>
</div>
</div>
</div>
<div class="section" id="list">
<h2>list<a class="headerlink" href="#list" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">list</span></tt> argument is used to view a list of registered API client.</p>
<div class="section" id="id10">
<h3>Syntax<a class="headerlink" href="#id10" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client list <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id11">
<h3>Options<a class="headerlink" href="#id11" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">-w</span></tt>, <tt class="docutils literal"><span class="pre">--with-uri</span></tt></dt>
<dd>Use to show the corresponding URIs.</dd>
</dl>
</div>
<div class="section" id="id12">
<h3>Examples<a class="headerlink" href="#id12" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>View a list of clients</strong></p>
<p>To verify the API client list for the Chef server, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client list
</pre></div>
</div>
<p>to return something similar to:</p>
<div class="highlight-bash"><div class="highlight"><pre>exampleorg
i-12345678
rs-123456
</pre></div>
</div>
<p>To verify that an API client can authenticate to the
Chef server correctly, try getting a list of clients using <tt class="docutils literal"><span class="pre">-u</span></tt> and <tt class="docutils literal"><span class="pre">-k</span></tt> options to specify its name and private key:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client list -u ORGNAME -k .chef/ORGNAME.pem
</pre></div>
</div>
</div>
</div>
<div class="section" id="reregister">
<h2>reregister<a class="headerlink" href="#reregister" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">reregister</span></tt> argument is used to regenerate an RSA key pair for an API client. The public key will be stored on the Chef server and the private key will be displayed on <tt class="docutils literal"><span class="pre">STDOUT</span></tt> or written to a named file.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Running this argument will invalidate the previous RSA key pair, making it unusable during authentication to the Chef server.</p>
</div>
<div class="section" id="id13">
<h3>Syntax<a class="headerlink" href="#id13" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client reregister CLIENT_NAME <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id14">
<h3>Options<a class="headerlink" href="#id14" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">-f</span> <span class="pre">FILE_NAME</span></tt>, <tt class="docutils literal"><span class="pre">--file</span> <span class="pre">FILE_NAME</span></tt></dt>
<dd>Use to save a private key to the specified file name.</dd>
</dl>
</div>
<div class="section" id="id15">
<h3>Examples<a class="headerlink" href="#id15" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Reregister clients</strong></p>
<p>To regenerate the RSA key pair for a client named &#8220;testclient&#8221; and save it to a file named &#8220;rsa_key&#8221;, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client regenerate testclient -f rsa_key
</pre></div>
</div>
</div>
</div>
<div class="section" id="show">
<h2>show<a class="headerlink" href="#show" title="Permalink to this headline">¶</a></h2>
<p>The <tt class="docutils literal"><span class="pre">show</span></tt> argument is used to show the details of an API client.</p>
<div class="section" id="id16">
<h3>Syntax<a class="headerlink" href="#id16" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client show CLIENT_NAME <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="id17">
<h3>Options<a class="headerlink" href="#id17" title="Permalink to this headline">¶</a></h3>
<p>This argument has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">-a</span> <span class="pre">ATTR</span></tt>, <tt class="docutils literal"><span class="pre">--attribute</span> <span class="pre">ATTR</span></tt></dt>
<dd>The attribute (or attributes) to show.</dd>
</dl>
</div>
<div class="section" id="id18">
<h3>Examples<a class="headerlink" href="#id18" title="Permalink to this headline">¶</a></h3>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Show clients</strong></p>
<p>To view a client named &#8220;testclient&#8221;, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife client show testclient
</pre></div>
</div>
<p>to return something like:</p>
<div class="highlight-bash"><div class="highlight"><pre>admin:       <span class="nb">false</span>
chef_type:   client
json_class:  Chef::ApiClient
name:        testclient
public_key:
</pre></div>
</div>
<p>To view information in JSON format, use the <tt class="docutils literal"><span class="pre">-F</span></tt> common option as part of the command like this:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife role show devops -F json
</pre></div>
</div>
<p>Other formats available include <tt class="docutils literal"><span class="pre">text</span></tt>, <tt class="docutils literal"><span class="pre">yaml</span></tt>, and <tt class="docutils literal"><span class="pre">pp</span></tt>.</p>
</div>
</div>
</div>


          </div>

      </div>

  
      <div class="clearer"></div>
    </div>




  </body>
</html>